How to Prevent Data Loss from Viruses, Phishing, Malware, and Other Common Internet Security Threats

By on Nov 2, 2013 in Blog

Protecting yourself from the growing multitude and sophistication of digital threats is becoming an increasingly difficult task. When your business (and therefore your livelihood) is at stake – it becomes critically important to take these matters seriously (or more likely, just stop being lazy about your security – go on, admit it).

Simply put – your whole business can become completely disabled, your well-crafted reputation destroyed, and even suffer severe financial penalties should certain confidential or private data get released. Yet the majority of security breaches (according to the latest Verizon Data Breach Report) occur through unsophisticated means, and are typically targets of opportunity.

What does that really mean? It means that these attacks are simple to prevent – and there are a number of things that you can do to make it as difficult as possible for these types security breaches / data losses to occur. While no security system can ever truly be guaranteed, you can at least discourage the lucky amateurs and bored hackers from being presented an easy juicy target.

If you are a business – and have any questions, or are worried that you may have lost data due to some other security breach, you always can (and should) ask for professional help. Your IT department / help desk should be happy to help you, and there are many professional services available out there to ease your worries.

For cases that are easier to fix, we have put together some simple advice to help you better secure the digital life of your business:

 

What can viruses and malware really do to my computer systems?

Viruses and other malicious software (known as “malware”) can cause any number of issues – none of which you are probably going to like. It could take several books to describe all the individual ways that malicious software can impact your system – though effects can range from a minor annoyance (such as a slow internet connection) to unmitigated disaster (hard drives wiped out and all computers rendered useless).

The vast majority of performance effects will fall somewhere in the minor annoyance, to middling misfortune range. The worst security cases will typically be due either to the value of the stolen data e.g. leaked confidential records or personal information – or cases where unauthorized access is forced onto a previously secure system e.g. financial accounts, corporate spying etc.

Cases of actual permanent damage to hardware, software, or data storage systems are relatively rare – which thankfully means that they can usually be fixed before (and of course after) the fact.

 

What are some of common security threats that could cause security breaches and / or lost data?

Viruses
One of the most recognized security threats – a virus is typically a small, malicious piece of software that operates on your computer, usually without you knowing it exists. Viruses are designed to run automatically through some compromised access point, and will usually automatically replicate / inject themselves into multiple files on your computer and even onto other computers attached to your network.

Some viruses can simply be annoying, such as displaying unwanted graphics or slowing down your computer – but the more dangerous varieties can delete files, damage programs, or prevent access to entire disk drives and servers.

Viruses are commonly spread through email attachments, file transfers (such as through IM apps), or through files downloaded from malicious websites or file-sharing services.

Keylogging
Also known as “keystroke logging.” A keylogger is a specialized software program that will work quietly on your computer (or maybe another remote computer) – and simply records all the keys you type on your keyboard. The keylogger will then occasionally transmit this information to some malicious party.

Using this technique – it is possible obtain usernames, passwords, account numbers, and other sensitive personal information about you and your business. Accordingly these are more typically used as part of a broader and more sophisticated attack – where the hacker may attempt to access your computers / accounts at a later date for some criminal purpose.

Just like with viruses – keyloggers are commonly spread through email attachments, downloaded files, or by visiting malicious websites. Though external drives (such as USB keys) have also been used.

Worms
Computer worms are designed to spread rapidly through computer systems and networks, and some famous cases have even propagated throughout a significant portion of the Internet. The clever part is that this is all accomplished without any human interaction at all! The MyDoom worm for example caused over $38 billion in damages in 2004 and is still a record holder for fastest spread.

Worms can cause computers and networks to become very slow, or practically unusable. While not usually “malicious” themselves (MyDoom for example made other computers spread spam), worms can cause computers & networks to run slowly enough that they are a severe nuisance, and they may also be used to deploy more malicious software later (including viruses and keyloggers).

Trojans
Also known as a “Trojan horse” application. These are malicious programs designed to cause a particular adverse effect – such as stealing data, deleting records, or making your computer vulnerable to other forms of hacking. What typifies a Trojan horse (like the ancient legend) is that it disguises itself as a safe application – such as a joke, game, or even a helpful tool to “improve computer performance”.

Phishing
Phishing (pronounced “fishing”) is an increasingly common technique used on the Internet. The basic idea is that you have a malicious individual who masquerades as a legitimate account or service, where they will attempt to trick users into giving out their secure personal information.

Phishing attempts usually come in the form of an email or a link, and often look very authentic and reliable. They may also threaten to take some action on your account if you do not reply within a certain time (such as closing you account), or may even claim that they are asking for this information to protect your security (like verifying your security questions e.g. your pet’s name or place of birth).

 

How can I protect myself and my business from these security threats?

While there are a multitude of threats out there in this increasingly connected world – as long as you practice some good common sense, safe internet behavior – you should not have to fear them. The following tips can help your achieve this:

1) Always have your antivirus & Internet security software active.
While this a good start, it is not enough by itself to properly secure yourself or your business. Most modern software packages will include the ability to scan for viruses, while also protecting your computer from keyloggers and other malware – and real-time detection is pretty much standard practice nowadays.

There are many retail products on the market that will provide you all of these features in one package – and much more! Cost shouldn’t ever be a deterrent when it comes to business, though there are also free applications available that will provide you with many of these features.

2) Update your antivirus definitions & security software.
New viruses, worms, phishing scams, and Trojans are being released all the time! Your security software should allow you to automatically download new updates and patches. As a matter of course, you should update your software whenever there is a new release available – and at least once a week for virus definitions.

3) Use a firewall, and have it configured properly
A “firewall” can be either a software application or a hardware device that only allows certain types of information to be transmitted between your computer and the Internet. This is exactly why it is so important to customize the configuration used on your firewall – because whatever is going to come “out-of-box” will only be the most basic form of configuration available, and will not take into account the unique nature or setup of your business.

Firewalls are a great way to reduce the threat of attacks from hackers, keyloggers, worms, and other malicious software attempting to access or attack your computer systems – and they are commonly available as part of a larger information security application package.

4) Run a thorough virus scan at least once a week.
This is one of those cases where it is simply better to be safe than sorry. Just do it. Most security programs can automatically run in the background, and will include an autoscheduler to let the process run outside of work or peak hours.

5) Be wary of any and all emails asking you to go to confirm personal information or account details, especially if there is an urgent tone to the message.
Phishing scams are very good at making innocuous emails or other social media messages appear to come from a reputable company, service, or even trusted people you deal with every day. Sometimes the email may contain links that look like they go to the company’s website, but actually link to a malicious site that is run by hackers or identity thieves. We’ve included some more detailed advice on how to avoid being the victim of a phishing scam:

A) Don’t use the links or phone numbers shown in any suspicious emails.
Instead, go to the company’s website directly through your favorite web browser, or call the person in question directly – and then ask for confirmation about the message. If you need to login to your account to change something, always do it directly on the company website and NOT by clicking the email link.

Even though the link may look legitimate – it is actually pretty simple to mask the actual web address you will go to once you click the link. Yes, this even includes the name that appears in the sender field.

B) Never fill out any forms in an e-mail.
If the email itself contains fields asking you to enter personal information – just don’t do it. Go directly to the company’s website and attempt to locate the form there. If it’s a legitimate request or campaign – you should be able to find the form you need easily.

C) Always ensure you are using a secure website when entering credit card, social security, or other personal information.

You can tell if you are on a secure website versus an unsecured website by checking for the “https://” address prefix rather than the plain “http://”. Your browser should also display some sort of indication to tell you whether you are on a secure server (such as highlighting the text in green, or showing a green / yellow / grey padlock icon). You should also be able to click on the icon to see the site’s security certificate.

If you do not see the “secured” website indicator(s) – do not enter your personal information on that page.

D) Scan all email attachments and files transferred to your computer before opening.
Many email clients and security applications will do this for you automatically, or at least provide with the option to do so. Make sure auto-scanning is enabled for both incoming and outgoing email.

Chat, Instant Messaging, Social Media, and other file transfer services are a favored method for distributing viruses and other malware. Treat all such files with caution, and do not open them until they have been scanned first – especially if coming from an unknown (and therefore untrusted) source. Even files from trusted sources may have been compromised unintentionally and / or unknowingly – which is exactly why this level of caution is warranted.  

E) Disable email preview and make sure emails are not otherwise opened automatically.
Many email-based viruses are designed to take advantage of email clients that automatically open or preview messages. Disabling this option will allow you to delete suspicious emails before they have a chance of infecting your computers, thereby removing a very easy threat vector from your security system.

6) Scan any removable media before opening files.
USB thumb drives and SD cards (for example) are very handy storage devices, but they are also a notorious source of malicious software. For example some viruses and malware are designed to sit on public terminals (such as in hotels and airports) and automatically download into any removable media used on those computers.

7) Be wary of unexpected macros in Microsoft Office documents.
While macros in Microsoft Office documents are usually safe and quite handy for some business functionality – they can also be used to trigger viruses. If you open a Microsoft Office document from someone you are not familiar with and it contains a macro, do not allow the macro to run. You should also not run macros if the document says it has a macro and you know it definitely shouldn’t. This also goes for other productivity applications, and cloud-based productivity applications (such as Google Docs) are becoming an increasingly popular source of malicious macros.

 

Final Thoughts

Hopefully we have given you some useful information to keep you mindful of your security behavior. Always remember that most security breaches are unsophisticated in nature, and typically targets of opportunity (you should check out that Verizon report to see the statistics yourself).

This means that the majority of attacks can be easily prevented with some common sense, and good security behavior and practices. None of what we’ve described above is especially difficult to do, and keeping vigilant will certainly help prevent your business being an easy juicy target.

There are two final tips we would like to leave you with:

1) Keep your important software up to date at all times.
Many security threats can be easily avoided by regularly checking for software updates – and in most cases this process can be completely automated. This includes your Operating System, your Web Browser, and any other software that your business depends on to function.
2) Backup your systems regularly.
Even if the worst should happen – having a recent backup of all your files will make sure that you can get back up and running with the shortest possible delay. Do we really need to explain the business benefits of this practice? We hope not.

Thank you for reading, and keep your digital business world safe!

Post a Reply